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APPARATUS AND METHOD FOR PERFORMING A FAIL-SAFE 
OVER -THE -AIR SOFTWARE UPDATE IN A MOBILE STATION 

TECHNICAL FIELD OF THE INVENTION 
[0001] The present invention is directed generally to wireless 
communication systems and, more specifically, to an apparatus and 
method for performing fail-safe patching of software in a wireless 

communication device. 

BACKGROUND OF THE INVENTION 

[0002] In order to increase the wireless market to the greatest 
extent possible, wireless service providers and wireless equipment 
manufacturers constantly seek new ways to make wireless equipment 
and services as convenient, liser-f riendly , and affordable as 
possible. To that end, wireless service providers and the 
manufacturers of wireless mobile stations, such as cell phones, and 
fixed (or stationary) wireless terminals, frequently work together 
to streamline procedures for enrolling and equipping new 
subscribers and for improving the services and equipment of 
existing subscribers. 

[0003] One important aspect of these efforts involves over-the- 
air (OTA) provisioning and upgrading of wireless mobile stations. 
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such as cell phones, wireless personal digital assistants (PDAs) , 
wireless hand-held computers, two-way pagers, and the like, as well 
as fixed wireless terminals. OTA provisioning is a relatively new 
feature that enables a new subscriber who purchases a new cell 
phone (or othe.r wireless device) to set up a new account with a 
wireless service provider and to configure the new cell phone for 
operation. Over-the-air (OTA) upgrading of a wireless device also 
is a relatively new procedure that enables a subscriber to download 
and install updated software containing patches, bug fixes, and 
newer versions of the software, including the operating system, 
stored in the wireless device. The wireless service provider or 
the mobile station manufacturer, or both, may provide the updated 
software . 

[0004] However, one drawback to an- OTA update procedure is that 
user interference may render the mobile station useless. 
Typically, the user interference causes power to be shut off during 
the application of a software update file. The power shut-off may 
be intentional (i.e., user removes battery) or accidental (i.e., 
user drops mobile and battery dislodges) . In any event, the new 
code from the downloaded update file may be only partially applied 
to the non-volatile memory when power is cut off. As a result, 
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when the mobile station is powered up again, the corrupted code in 
the non-volatile memory may render . the mobile station useless. 

[0005] Therefore, there is a need in the art for improved 
systems and methods for performing automatic software updates of 
5 wireless mobiles stations and fixed wireless terminals. In 
particular, there is a need for a method of replacing the software 
of a wireless communication device that does not render the 
wireless communication device useless if power is suddenly lost 
during application of the updated software. 
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SUMMARY OF THE INVENTION 
[0006] The present invention comprises an apparatus and method 
for fail-safe application of downloaded software update file (i.e., 
patch code) for a wireless communication device. One object of the 
5 present invention is to apply the downloaded software file in such 
a manner that no accidental or deliberate action on the part of the 
user during the application of the software update file will render 
.the wireless communication device useless. The present invention 
accomplishes this using an algorithm comprising two parts: i) 

10 construction of a journal, and. ii) recovery using information 
stored in the journal in case of abnormal power loss (interruption 
to the patch application process) . 

[0007] To address the above -discussed deficiencies of the prior 
art, it is a primary object of the present invention: to provide a 

15 wireless communication device .capable of downloading a software 
update file from a wireless network. According to an advantageous 
embodiment of the present invention, the wireless communication 
device comprises: 1) a non-volatile memory capable of being re- 
programmed by sectors, wherein the non-volatile memory stores: i) a 

20 target file to be updated, ii) the downloaded software update file, 
and iii) a journal comprising a plurality of entries, each of the 
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plurality of entries containing status information associated with 
a re-programmed sector of the non-volatile memory; 2) a random 
access memory; and 3) a main processor capable of replacing target 
code in the target file with replacement code from the downloaded 
5 software update file. The main processor creates a first block of 
replacement code in the random access memory and re -programs a 
first target sector of the non-volatile memory by storing the first 
block of replacement code into the first target sector. The main 
processor updates first status information in a first entry in the 

10 journal associated with the first target sector. 

[0008] It is another primary object of the present invention to 
provide a wireless communication device capable of receiving and 
storing an incoming software update file transmitted by a wireless 
network. According to an advantageous embodiment of the present 

15 invention, the wireless communication device comprises: 1) a non- 
volatile memory capable of being re-programmed by sectors, wherein 
the non-volatile memory stores: i) a downloaded software update 
file, and ii) a journal comprising a plurality of entries, each of 
the plurality of entries containing status information associated 

20 with a re-programmed sector of the non-volatile memory, 2) a random 
access memory, and 3) a main processor capable of storing 
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replacement code from the incoming software update file in the 
downloaded software update file. The main. processor stores a first 
block of replacement code from the incoming software update file in 
the random access memory and re-programs a first target sector of 
5 the downloaded software update file in the non-volatile memory by 
storing the first block of replacement code into the first target 
sector. The main processor updates first status information in a 
first entry in the journal associated with the first target sector. 
[0009] Before undertaking the DETAILED DESCRIPTION OF THE 

10 INVENTION below, it may be advantageous to set forth definitions of 
certain words and phrases used throughout this patent document : 
the terms ''include" and ''comprise," as well as derivatives thereof, 
mean inclusion without limitation; the term "or," is inclusive, 
meaning and/or; the phrases "associated with" and "associated 

15 therewith," as well as derivatives thereof , may mean to include, be 
included within, interconnect with, contain, be contained within, . 
connect to or with, couple to or with, be communicable with, 
cooperate with, interleave, juxtapose, be proximate to, be bound to 
or with, have, have a property of, or the like; and the term 
. 20 "controller" means any device, system or part thereof that- controls 
at least one operation, such a device may be implemented in 
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hardware, firmware or software, or some combination of at least two 
of the same. It should be noted that the functionality associated 
with any particular controller may be centralized or distributed, 
whether locally or remotely. Definitions for certain words and 
5 phrases are provided throughout . this patent document, those of 
ordinary skill in the art should understand that in many, if not 
most instances, such definitions apply to prior, as well as future 
uses of such defined words and phrases. 
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BRIEF DESCRIPTION OF THE DRAWINGS 
[0010] For a more complete understanding of the present 
invention and its advantages, reference is now made to- the 
following description taken in conjunction with the. accompanying 
5 drawings, in which like reference numerals represent like parts: 
[0011] FIGURE 1 illustrates an exemplary wireless network 
according to one embodiment of the present invention; 

[0012] FIGURE 2 illustrates an exemplary mobile station in 
greater detail according to one embodiment of the present 
10 invention; 

[0013] FIGURE 3 illustrates selected portions of non-volatile 
memory in the exemplary mobile station according to one embodiment 
of the present invention; 

[0014] FIGURE 4 is a flow diagram illustrating a software patch 
15 application operation of the exemplary mobile station according to 
the principles of the present invention; and 

[0015] FIGURE 5 is a flow diagram illustrating a software 
download operation of the . exemplary mobile . station according to the 
principles of the present invention. 
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DETAILED DESCRIPTION OF THE INVENTION 
[0016] FIGURES 1 through 5, discussed below, and the various 
embodiments used to describe . the principles of the present 
invention in this patent document are by way of illustration only 
5 and should not be construed in any way to limit the scope of the 
invention. Those skilled in the. art will understand that the 
principles of the present invention may be implemented in any 
suitably arranged wireless communication device. 

[0017] FIGURE 1 illustrates exemplary wireless network 100 
10 according to one embodiment of the present invention. Wireless 
network 100 comprises a plurality of cell sites 121-123, each 
containing one of the base stations, BS' 101, BS 102, or BS 103 . 
According to the illustrated exemplary embodiment of the present 
invention described herein, base stations 101-103 communicate with 
15 a plurality of mobile stations (MS) 111-114 over code division 
. multiple access (CDMA) channels. However, in alternate embodiments 
of the present invention, base stations 101-103 . may communicate 
with mobile stations 111-114 over other types of multiple access 
channels, including TDMA channels, FDMA channels, GSM channels, and 
2b the like. Mobile stations 111-114 may be any suitable wireless 
devices, including conventional cellular radiotelephones, PCS 
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handset devices, personal digital assistants, portable computers, 
or metering devices, 

[0018] However, it should be understood that the present 
invention is not limited to mobile devices. Other types of access 
terminals may be used, including fixed (i.e., stationary) wireless 
terminals. For the sake of simplicity, only mobile stations- are 
shown and discussed hereafter. However, for the' purposes of 
defining the scope of the claims of the present invention, the 
terms -"mobile station," -'wireless communication device," ''wireless 
terminal," and any other term used to denote a device that 
wirelessly communicates with a base station should be construed 
broadly to include' both mobile and stationary wireless access 
devices. 

[0019] Dotted lines show the approximate boundaries of the cell 
sites 121-123 in which base stations 101-103 are located. The cell 
sites are shown approximately circular for the purposes of 
illustration and explanation only. It should be clearly understood 
that the cell sites may have other irregular shapes, depending on 
the .cell configuration selected and natural and man-made 
obstructions. ■ . 
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[0020] As is well known in the art, each one of cell sites^l21- 
123 comprises a plurality of sectors (not shown) , each sector being 
illuminated by a directional antenna coupled to the base station. 
The embodiment of FIGURE 1 illustrates the base station in the 
5 center of the cell. Alternate embodiments position the directional 
antennas in corners of the sectors. The present invention is not 
limited to any particular cell site configuration. 

[0021] In one embodiment of the present invention, each one of 
BS 101, BS 102, and BS 103 comprises a base station controller 

10 (BSC) and one or more base transceiver subsystem (s) (BTS) . Base 
station controllers and base transceiver subsystems are well known 
to those skilled in the, art. A base station controller is a device 
that manages wireless communications resources, including the base 
transceiver subsystems, for specified cells within a wireless 

15 communications network. A base transceiver subsystem (BTS) 
comprises the RF transceivers, antennas, and other electrical 
equipment located in. each cell site. This equipment may include 
air conditioning units, heating units, electrical power supplies, 
telephone line interfaces, and RF transmitters and RF receivers. 

20 For the purpose of simplicity and clarity in explaining the 
operation of the present invention, the base transceiver 
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subsystem(s) in each of cells 121, 122, and 123 and the base 
station controller (BSC) associated with each base, transceiver 
subsystem (BTS) are collectively represented by BS 101, BS 102 and 
BS 103, respectively. 

[0022] BS 101, BS 102 and BS 103 transfer voice and data signals 
between each other and the public switched telephone network (PSTN) 
(not shown) via communication line 131 and mobile switching center 
MSG) 140. BS 101, BS 102 and BS 103 also transfer data signals, 
such as packet data, with the Internet (not shown) via 
communication line 131 and packet data server node (PDSN) 150. 
Line 131 also provides the connection path to transfers control 
signals between MSG 140 and BS 101, BS 102 and BS 103 used to 
establish connections for voice and data circuits between MSG 140 
and BS 101> BS 102 and BS 103. 

[0023] Gommunication line 131 may be any suitable connection 
means, including a Tl line, a T3 line, a fiber optic link, a 
network packet data backbone connection, or any other type of data 
connection. Line 131 links each vocoder in the BSG with switch 
elements in MSG 140. Those skilled in the art will recognize that 
the connections on line 131 may provide a transmission path for 
transmission of analog voice band signals, a digital path for 
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transmission of voice signals in the pulse code - modulated (PCM) 
format, a digital path for transmission of voice signals in an 
Internet Protocol (IP) format, a digital path for transmission of 
voice signals in an asynchronous transfer mode (ATM) format, or 
other suitable, connection transmission protocol. Those skilled in 
the art will recognize that the connections on line 131 may provide 
a transmission path for transmission of analog or digital control 
signals in a suitable signaling protocol. 

. [0024] MSC 140 is a switching device that provides services and 
coordination bet-ween the subscribers in a wireless network and 
external networks, such .as the PSTN or Internet. MSC 140. is well 
known to those skilled in the art. In some embodiments of the 
present invention, communications line 131 may be several different 
data links where each data link couples one of BS 101, BS 102, or 
BS 103 to MSC 140 . 

[0025] In the exemplary wireless network 100, MS 111 is located 
in cell site 121 and is in communication with BS 101. MS 113 is 
located in cell site 122 and is in communication with BS 102. 
MS 114 is located in cell site 123 and is in communication with 
BS 103. MS 112 is also located close to the edge of cell site 123 
and is moving , in the direction of cell site 123, as indicated by 
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the direction arrow proximate MS 112. At some point, as MS 112 
moves into cell site 123 and out of cell site 121, a hand-off will' 
occur. 

[0026] As is well known, the hand-off procedure transfers 
control of a call from a first cell site to a second cell site. As 
MS 112 moves from cell 121 to cell 123, MS 112 detects the pilot 
signal from BS 103 and sends a Pilot Strength Measurement Message 
to BS 101. When the strength of the pilot transmitted by BS 103 
and received and reported by MS 112 exceeds a threshold, BS 101 
initiates a soft hand-off process by signaling the target BS 103 
that a handoff is required as described in TIA/EIA IS -95 or TIA/EIA 
IS-2000. . 

[0027] BS 103 and MS 112 proceed to negotiate establishment of a 
communications link in the CDMA channel. Following establishment 
of the communications link between BS 103 and MS 112, MS 112 
communicates with both BS 101 and BS 103 in a soft handoff mode. 
Those acquainted with the art will recognize that soft hand-off 
improves the performance on both forward (BS to MS) channel and 
reverse (MS to BS) channel links. When the signal from BS 101 
falls below a predetermined signal strength threshold, MS 112 may 
then drop the link with BS 101 and only receive signals from 
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BS 103. The call is thereby seamlessly transferred from BS 101 to 
BS 103. The above -described soft hand-off assumes the mobile 
. station is in a voice or data call. An idle hand-off is the hand- 
off between cells sites of a mobile station that is' communicating 
5 in the control or paging channel . \ 

[0028] Any or all of the mobile stations, (including fixed 
wireless terminals) in wireless network 100 may be updated by means 
of an oyer-the-air (OTA) update procedure that transfers new 
software to the mobile stations from a- remote update server. The 

10 remote update server (not shown) may be accessed via PDSN 150 or 
MSG 140. In one embodiment of the present invention, the update 
server may update an existing software, file (or target file) in a 
mobile station by transmitting a new image file that replaces the 
target file in its entirety. 

15 [0029] In an alternate embodiment, the remote server may 

transmit a delta file that performs a byte -by- byte replacement of 
only selected portions of the. target software file, rather than the 
■ entire target file. The rfiobile station executes, a software 
algorithm that reads instructions and data from the delta file. 

20 The software algorithm modifies, for example, the existing 
operating system software to produce a new (or updated) version of 
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the operating system software. In this advantageous embodiment, . 
the mobile station downloads ' a small delta file over the air, 
rather than a large image file, thereby saving bandwidth. Unique 
apparatuses and methods for upgrading the software of a mobile 
5 station using delta files are disclosed in greater detail in United 
States Patent Application Serial No. 10/358,570, filed on February 
5, 2003, entitled "System and Method for Delta-Based Over-the-Air 
Software Updates for a Wireless Mobile Station" and in United 
States Patent Application Serial No. 10/366,758, filed on February 

10 14, 2003, entitled "Apparatus and Method for Upgrading Software of 
a Wireless Mobile Station." Patent Application Serial Nos. 
10/3.58,570 and 10/366,758 are commonly assigned to the assignee of 
the present invention. The disclosures of Patent Application 
Serial Nos. 10/358,570. and 10/366,758 are hereby incorporated by 

15 reference into the present application as if fully set forth 
herein. 

[0030] FIGURE 2 illustrates exemplary mobile station 111 
according to an advantageous embodiment of the present invention. 
Wireless mobile station 111 comprises antenna 205, radio frequency 
20 (RF) transceiver 210, transmit (TX) processing circuitry 215, 
microphone 220, and receive (RX) processing circuitry 225. MS 111 
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also comprises speaker 230, main processor 240, input/output (I/O) 
interface (IF) 245, keypad 250, and display 255. The memory 
elements of mobile stations- (MS) 111 comprise random access memory 
(RAM) 260 and non-volatile (NV) memory 270. 

[0031] Radio frisquency (RF) transceiver 210 receives from 
antenna 205 an incoming RF signal transmitted by a base station of 
wireless network 100. Radio frequency (RF) transceiver 210 down- 
converts the incoming RF signal to produce an intermediate 
frequency (IF) or a baseband, signal. The IF or baseband signal is 
sent to receiver (RX) processing circuitry 225, which filters, 
decodes and/or digitizes the baseband or IF signal to produce a 
processed baseband signal. Receiver (RX) processing circuitry 225 
transmits the processed baseband signal to speaker 230 (e.g., voice 
data) or to main processor 240 for further processing (e.g., web 
browsing) . 

[0032] Transmitter (TX) processing circuitry 215 receives analog 
or digital voice data from microphone 220 or other outgoing 
baseband data (e.g., web data, e-mail, interactive video game data) 
from main processor 240. Transmitter (TX) processing circuitry 215 
encodes, multiplexes, and/or digitizes the outgoing baseband data 
to produce a processed baseband or IF signal. Radio frequency (RF) 
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transceiver 210 receives the outgoing processed baseband or IF 
signal from transmitter (TX) processing circuitry 215. Radio 
frequency (RF) transceiver 210 up-converts the baseband or IF 
signal to a radio frequency (RF) signal that is transmitted 
5 via antenna 205. 

[0033] In an advantageous embodiment of the present invention, 
main processor 240 is a microprocessor or microcontroller, RAM 260 
and non-volatile (NV) memory 270 are coupled to main processor 240. 
NV memory .270 comprises a flash memory, which acts as a read-only 

10 memory (ROM) . Main processor 240 executes an operating system (OS) 
program that controls the overall operation of wireless mobile 
station 111. The OS program is loaded from NV memory 270 into RAM 
260 for execution. In typical operations, main processor 240 
controls the reception of forward channel signals and the 

15 transmission of reverse channel signals by radio frequency (RF) 
transceiver 210, receiver (RX) processing circuitry 225, and 
transmitter (TX) processing circuitry 215, in accordance with well- 
known principles. 

[0034] Main processor 240 is capable of executing other 

20 processes and programs . resident in RAM 260 and NV (flash) memory 
270. Main processor 240 can move data into or out of RAM 260, as 
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required by an executing process. Main processor 240 is also 
coupled to I/O interface 245. I/O interface 245 provides mobile 
station 111 with the ability to connect to other devices such as 
laptop computers and handheld computers. I/O interface 245 is the 
5 communication path between these accessories and main 
controller 240. 

[0035] Main processor 240 is also coupled to keypad 250 and 
■display unit 255. The operator of mobile station 111 uses keypad 
250 to enter data into mobile station 111. Display 255 may be a 

10 liquid crystal display capable of rendering text and/or at least 
limited graphics from web sites. Alternate embodiments may use 
other types of displays. 

[0036] Main processor 240 is capable of receiving and installing 
software updates. This over-the-air (OTA) update may be initiated 

15 by any conventional triggering event, such as an operator- initiated 
action, an automated- periodic procedure -^(i.e., expiration or a 
timer in MS 111), or receipt of a notification message from the 
remote update server. Unique apparatuses and methods for upgrading 
mobile station software using a notification message from the 

20 remoter server are disclos.ed in greater detail in United States 
Patent Application Serial No. 10/366,758, filed on- February 14, 
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2003, entitled "Apparatus and Method for Upgrading Software of a 
Wireless Mobile Station." Patent Application Serial No. 10/355,758 
is commonly assigned to the assignee of the present invention. The 
disclosure of Patent Application Serial No. 10/366,758 is hereby 
5 incorporated by reference into the present application as if fully 
set forth herein. 

[0037] In response to any of these triggering events> main . 
processor 240 establishes a communication link to wireless network 
100 and to the remote update server via the Internet connection of 

10 wireless network 100. After the software update file has been 
downloaded from the remote update server, main, processor 240 
performs the update by replacing the target file in its entirety 
with the new image file, or, if the update file is a delta file, by 
executing the delta file and replacing selected portions of the 

15 target file. As noted above, it is entirely possible that a power 
failure may occur during the file replacement (or. patching) process 
that results in an incomplete update operation that renders MS 111 
useless. To prevent this from, happening, the present invention 
implements a novel method of tracking the application of the 

20 updated software file that prevents a power interruption from 
rendering MS 111 useless. 
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[0038] The foregoing is accomplished using a journal that tracks 
the application of the updated software on a sector-by- sector basis 
in NV memory 270. The construction of the journal is based on the 
idea of isolating the patch application process into sector-sized 
5 blocks of NV memory 270. Each such block of the updated software 
maps to a hardware flash sector (or block) size of NV memory 270. 
It is noted flash memory devices, such as NV memory 270 may be 
erased only in sector-sized quantities . Each sector size is 
typically 64 Kbytes in size. Furthermore, it is noted that the 

10 only time it is necessary to observe care is during operations that 
physically modify the flash sectors, such as sector-erase 
operations or sector-write operations. 

[0039] FIGURE 3 illustrates selected portions of non-volatile 
(NV) memory 2 70 in exemplary mobile station 111 according to one 

15 embodiment of the present invention. NV memory 310 comprises boot 
ROM code file 310, main image file 320, downloaded software update 
file 330, and free space 340. Boot ROM code file 310 is a read- 
" only, section of. NV memory. 310 that contains the basic operating 
system code, including update agent program 311. Data is never 

20 written to boot ROM code file 310. Main image file 320 contains 
the end-user software applications that are executed by main 
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processor 240 in MS 111. Main image file 320 contains the target 
software code that is patched and/or replaced whenever updated 
software is downloaded over-the-air from wireless network 100.. The 
code in main image file 320 is replaced (i.e., re -programmed) in 
5 sector-sized blocks . The dotted lines in main image file 320 
indicate sector boundaries. Exemplary consecutive sectors 321, 322 
and 322 are arbitrarily labeled Sector N, Sector N+1, and Sector 
N+2, respectively. 

[0040] When MS 111 downloads a code patch or other updated 

10 software from the remote update server, main processor 240 stores 
the new code in. downloaded software update file 330. Main 
processor 240 then executes update agent program 311, which applies 
the patch code to main image file 320. If a sudden power loss 
occurs and MS 111 is re-booted, main processor 240 automatically 

15 executes update agent program 311 as part of the normal boot -up 
procedure in boot ROM code 310. As will be explained below in 
greater detail, this allows an incomplete software update procedure 
to be automatically resumed when MS 111 is re-booted. 

[0041] Assuming a delta file in downloaded software update file 

20 330 is used to update main image file 320, each patch instruction 
modifies several contiguous bytes of memory within a sector (or its 
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adjacent neighbor). These modifications are not immediately 
committed to NV memory 270, but are instead cached in a sector- 
sized block in RAM 260. Once the patch algorithm crosses a sector 
boundary, the entire cached sector from RAM 260 programmed into NV 
5 memory 270. Thus, NV memory 270 is re-programmed in sector-sized 
blocks. If an entire new image file is downloaded instead of a 
delta file, the new code is still assembled in a sector-sized block 
in RAM 260 before being programmed into NV memory 270. 

[0042] After each sector of NV memory 270 is modified, a 

10 ''journal" (or log record) is written that describes the operation 
that was successfully performed. Each journal entry is written, 
into one of two sectors of free space 340 in NV memory 270.. Sector 
341 of NV memory 270 is arbitrarily labeled ''Journal Sector .1" and 
sector 342 of NV memory 270 is arbitrarily labeled "Journal Sector 

15 2." The journal entries are written in Journal Sector 1 and 
Journal Sector 2 in contiguous fashion, without erasing previous 
journal entries. 

[0043] In order to retain enough information for recovery after 
a sudden power loss, two independently erasable sectors of flash 

20 memory 270 (sectors 341 and 342) are required for writing the 
journal. When one journal sector is filled with journal records, 
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the second journal sector is erased and used for the next journal 
entry. Thus, any power loss during the erasing of the second 
journal sector will not affect the information already committed to 
the first journal sector. This order of switching between Journal 
Sector 1 and Journal Sector 2 is crucial to the recovery algorithm. 

It guarantees that at any point in time, a valid journal record is 
present that accurately describes the last successful sector re- 
programming operation in NV memory 27 0. 

[0044] Additionally, the present invention uses save-area sector 
350 of NV memory 270 to save the previous contents of a sector that 
is about to be modified with results from applying patch 
instructions. Save-area sector 350 is necessary to restore the 
previous contents if the sector-modify operation is interrupted. 

[0045] FIGURE 4 depicts flow diagram 400,. which illustrates a 
software patch application operation of exemplary mobile station 
111 according to the principles of the present invention. 
Initially, main processor 240, under the control of update program 
311, assembles a sector-sized block of updated software code in the 
cache in RAM 260 (process step 405). Next, main processor 240 
reprograms a target sector (Sector X) with the sector-sized block 
of updated software code from the cache in RAM 2 60 (process step 
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410) . When Sector X is re -programmed, main processor 240 creates a 
journal entry in Journal Sector 1 or Journal Sector 2 that 
corresponds to updated Sector X (process step 415) . 

[0046] Next, main processor 240 determines whether there is more 
5 updated software code in downloaded software update file 330 
(process step 420) . If no more updated software code remains, the 
software update procedure ends . However, if downloaded software 
update file 330 still contains new updated software code that must 
be programmed into main image file 320 in NV memory 270, then main 
10 processor 240 moves to the next sequential sector after Sector X 
(process step 425) and repeats steps 405, 410 -and 415 for Sector 
X+1. This process repeats until all new updated software code in 
downloaded software update file 33 0 has been programmed into NV 
memory 270. 

15 [0047] Each journal entry in Journal Sector 1 and Journal Sector 

2 contains three (3) parameters: 1) FLUSH_SECTOR, 2) SAVE_OK, and 
3) COMMITTOR . The FLUSH_SECTOR parameter indicates the start of a 
sector modification process. The SAVE_OK parameter indicates that 
the previous contents of the sector were saved correctly in save- 

20 area sector 350. The COMMIT_OK parameter indicates that the 
modified sector was updated successfully. 
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[0048] During the software update process, commit operations are 
interleaved with journal entries according to the following 
algorithm: 

Algorithm - Update Sector from RAM 270 Cache . 
5 Inputs :' RAM-Buff er, Sector-Address, Last-Instruction-Applied. 

Step 1 - Write journal entry: FLUSH__SECTOR with instr = Last- 
Instruction-Applied, Sector-Address . 

Step 2 - Save the old contents at Sector-Address to save-area 
sector 350 . 

10 • Step 3 - Write- journal entry: SAVE_OK. 

Step 4 - Erase the sector at Sector-Address. 
Step 5 - Write data from RAM-Buffer to Sector-Address. 
Step 6 - Write journal entry: COMMIT_OK. 
[0049] As each sector is modified in the sequence described 
15 above, it contains enough . information to recover if there is any 
kind . of abnormal power loss at any point in Step 1 through Step 6 . 

[0050] The recovery algorithm is based on the following 
observations, First, if there is power loss before or during Step 
1, then Journal Sector 1 (or Journal Sector 2) has a complete set 
20 of information from the prior sector update. More importantly, the 
target sector that . was . about to be modified still has the 
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unmodified data. Thus, it is possible to recover and continue. 
Second, if there is a power loss before Step 3., but after Step 1, 
then it is the same as the previous case (i.e., the target sector 
is not modified) , Third, if there is a power loss after Step 3, 
5 but before Step 6, then Journal Sector 1 (or Journal Sector 2) 
indicates that the old contents of the sector were saved 
successfully (i.e., the presence of the SAVE_OK journal parameter). 

Thus, upon re-boot, main processor 24 0 restores the contents of 
the sector from save -area sector 350 before continuing. Fourth, if 

10 there is a power loss after Step 6, the sector was modified 
successfully and there is a journal record to prove it. In such a 
case, the recovery operation simply continues after the update 
instruction that was last processed. 

[0051] The present invention is not limited to the re- 

15 programming of the sectors of main image file 320. A journal 
according to the principles of the present invention may also be 
used to download and store the updated software into downloaded 
software update file 330. If a sudden power loss occurs during the 
download process, the journal may be. used to resume the download 

20 operation at: the next sequential sector following the last 
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successfully downloaded and saved sector of , downloaded software 
update file 330. 

[0052] FIGURE 5 depicts flow diagram 500, which illustrates a 
downloading operation of exemplary mobile station 111 according to 
5 the principles of the present invention," Initially, main processor 
240, under the control of update program 311, downloads from the 
remote update server a sector-sized block of updated software code 
in the cache in RAM 260 (process step 505) . Next, main processor 
24 0 reprograms a target sector (Sector X) of downloaded software 

10 updated file 330 with the sector-sized block of downloaded code 
from the cache in RAM 260 (process step 510) . When Sector X is re- 
programmed, main processor 240 creates a journal entry in Journal 
Sector 1 or Journal Sector 2 that corresponds to Sector X of 
downloaded software updated file 330 (process step 515) . 

15 [0053] Next, main processor 240 determines whether there is more 

updated software code to be downloaded from the remote update 
server (process step 520) . If there is no more updated software 
code to be sent by the remote server, the download operation ends. 
However, if the remote server is still transmitting new updated 

20 software to be stored in downloaded software update file 330 in NV 
memory 270, then main processor 240 moves to the next sequential 
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sector after Sector X (process step 525) and repeats steps 505, 510 
and 515 for Sector X+1. This process repeats until all new updated 
software code has been received from the remote update server. and 
stored in downloaded software update file 330 in NV memory 270. 

[0054] If a power loss occurs at any point during the download 
operation, then the entries in Journal Sector 1 and Journal . Sector 
2 may be used to resume the download operation -at the correct point 
after power is restored. The recovery algorithm is analogous to 
the recovery algorithm described above for application of a 
downloaded software patch to main image file 320. 

[0055] Although the present invention has been described with an 
exemplary embodiment, various changes and modifications may be 
suggested to one skilled in the art., ■ It is intended that the 
present invention encompass such changes and modifications as fall 
within the scope of the appended claims. 



